Broadcasting medical image objects with digital rights management

ABSTRACT

Techniques are disclosed for efficiently and securely handling of patient medical images and data. In one particular embodiment, an acquisition service and picture archive communication system (PACS) architecture are provided that facilitate the transmission and storage of medical image objects using reliable IP multicasting, packet encoded transmission, and digital rights management (DRM). The system effectively creates a broadcast signal in which all listening computers can securely receive medical image objects at once for purposes of interpretation/diagnosis, assisting in surgery, and other such appropriate medical uses.

FIELD OF THE INVENTION

The invention relates to picture archive communication systems (PACS),and more particularly, to the distribution and management of medicalimage objects for radiology, cardiology and other specialties such asorthopedics.

BACKGROUND OF THE INVENTION

A picture archive communication system (PACS) is a system thatfacilitates the acquisition, storage, retrieval, distribution, anddisplay of digital images and related patient information from a varietyof imaging sources (e.g., CT scans, MRI scans, X-rays, ultrasounds, andother medical images) using a network. The network may be a local orwide-area network, and typically is configured with modality interfacesand a server system for a healthcare facility. DICOM (Digital Imagingand Communications in Medicine) is a standard that defines connectivityand communication protocols of medical imaging devices, and includes afile format definition for storing and distributing medical imaginginformation.

Current PACS technology utilizes point-to-point networking to moveimages from modality-to-DICOM acquisition, to caching server, toarchive, to backup. Images are fully “copied” on and across the networkmany times. In addition, an end-user must copy a lossless version of themedical image to the client computer as they view the study. Suchpoint-to-point networking and repeated copying is associated withsignificant bandwidth usage and time delays.

In addition, current PACS solutions must re-start transmission of theentire medical image object from the source to the client computer inthe event that the connection is lost or failure occurs. Moreover,current PACS solutions require low-latency networks, since the imagepixel data is typically transmitted to the client computer as it isrequested. With high-latency connections, pixel data transmissions maybe susceptible to unacceptable end-user wait times. Further exacerbatingthis situation is that current PACS solutions do not utilize theprocessing power and data storage available on common ordinary personalcomputers.

Current PACS technology requires extensive workflow rules processors to“push” studies to the intended diagnostic workstation from which thestudy will be viewed by a clinician, or the clinician has to “request”studies and then wait while they are transferred to their computer forviewing. PACS solutions also require costly storage area networks (SANs)to serve up images on demand. Many traditional PACS solutions require anetwork to be active in order to view studies. This creates significantproblems and patient safety issues for patient procedure labs, andsurgery rooms where imaging is required 100% of the time.

Furthermore, traditional PACS viewing stations may expose patientprivileged information since DICOM studies are usually storedsecondarily on PC file systems. DICOM file format includes patientconfidential information and does not provide a method for securing thisdata. A DICOM part-10 patient medical image file can be passed aroundvia the Internet, email, and other such common forms of communicationwithout consent from the patient or physician. Part-15 of the DICOMspecifies transmission and some negotiation security, but does notaddress the Part-10 file security issue.

What is needed, therefore, are techniques for efficiently distributingand securely handling of patient medical images.

SUMMARY OF THE INVENTION

One embodiment of the present invention is a method for securelycommunicating medical information. The method includes receiving patientinformation, including medical image data, converting the patientinformation into medical image object (MIOs), and encrypting the MIOs.The method further includes creating an issuance license that specifiesaccess rights of the MIOs, thereby limiting future access to the MIOs.The method further includes chunking the encrypted MIOs into packets,and assigning a manifest to each chunked MIO. The method furtherincludes broadcasting the manifest and encrypted MIO packets to aplurality of receivers on a network. The method may further includereceiving the broadcast manifest and encrypted MIO packets at one ormore of the receivers, and re-assembling the MIOs from instructionsincluded in the manifest. Here, the method further includes storing thereassembled MIOs local to the at least one receiver, and requiring userauthentication in accordance with the issuance license during accessattempts of the stored reassembled MIOs. In one such case, the methodfurther includes sending by each of the one or more receivers anotification to a directory service to indicate that it has received thebroadcast MIOs. The method may include storing the issuance license in adigital rights management (DRM) license store of a directory service.The method may include storing the encrypted MIO packets in an archivefor long term storage. The method may include indexing and trackinglocation of all broadcast MIOs using a directory service. In one suchcase, the method further includes sending by at least one of thereceivers a notification to the directory service to indicate that thereceiver has received the broadcast MIOs. The method may include storingthe reassembled MIOs local to the at least one receiver, removing olderMIOs to make room for newly received MIOs, and notifying a directoryservice of the change in MIO storage. In one particular case, convertingthe patient information into MIOs includes converting the patientinformation into Digital Imaging and Communications in Medicine (DICOM)MIOs. In another particular case, broadcasting the manifest andencrypted MIO packets is carried out using reliable IP multicasting.

Another embodiment of the present invention provides one or moremachine-readable mediums (e.g., one or more compact disks, diskettes,servers, memory sticks, or hard drives) encoded with instructions, thatwhen executed by one or more processors, cause the processor to carryout a process for securely communicating medical information. Thisprocess can be, for example, similar to or a variation of the previouslydescribed method.

Another embodiment of the present invention is a system for securelycommunicating medical information. The system functionality can beimplemented, for example, in software (e.g., executable instructionsencoded on one or more processor-readable storage mediums), hardware(e.g., gate level logic or one or more ASICS), firmware (e.g., one ormore microcontrollers with I/O capability and embedded routines forcarrying out the functionality described herein), or some combinationthereof. One such system includes an acquisition service for receivingpatient information including medical image data, converting the patientinformation into medical image object (MIOs), encrypting the MIOs, andcreating an issuance license that specifies access rights of the MIOs,thereby limiting future access to the MIOs. The system further includesa packet encoder for chunking the encrypted MIOs into packets, andassigning a manifest to each chunked MIO. The system further includes abroadcast service for broadcasting the manifest and encrypted MIOpackets to a plurality of receivers on a network. The system may includea receiver agent for receiving the broadcast manifest and encrypted MIOpackets at one or more of the plurality of receivers, and re-assemblingthe MIOs from instructions included in the manifest. The system mayinclude a storage facility for storing the reassembled MIOs local to theat least one receiver. The system may include a digital rightsmanagement (DRM) license store for use in carrying out userauthentication in accordance with the issuance license during accessattempts of the stored reassembled MIOs.

The features and advantages described herein are not all-inclusive and,in particular, many additional features and advantages will be apparentto one of ordinary skill in the art in view of the figures anddescription. Many suitable means for implementing embodiments of thepresent invention will be apparent in light of this disclosure.Moreover, it should be noted that the language used in the specificationhas been principally selected for readability and instructionalpurposes, and not to limit the scope of the inventive subject matter.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a collaboration diagram showing flow of information andprocessing in a picture archive communication system (PACS) configuredin accordance with one embodiment of the present invention.

FIG. 2 illustrates a high-level view of a PACS configured in accordancewith one embodiment of the present invention.

FIG. 3 illustrates a detailed bock diagram and communication flow of aPACS utilized during an image acquisition process, in accordance withone embodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

Techniques are disclosed for efficiently and securely handling ofpatient medical images and data. In one particular embodiment, anacquisition service and picture archive communication system (PACS)architecture are provided that facilitate the transmission and storageof medical image objects using reliable IP multicasting, packet encodedtransmission, and digital rights management (DRM). The systemeffectively creates a broadcast signal in which all “listening”computers can securely receive medical image objects at once forpurposes of interpretation/diagnosis, assisting in surgery, and othersuch appropriate medical uses.

General Overview

During the acquisition process from the modality to the acquisitionservice, DICOM study information in rights management format (or othersuch format) is broadcast to all available listeners at once. Thisbroadcast can be implemented much like an RF broadcast using IPmulticasting with packet coordination/sequencing. The listeners to thisbroadcast information include, for example, clinician's workstations,DICOM caching servers, medical imaging archives, and offsite storage(e.g., disaster copies of the medical image objects). Devices such asclinician's workstations may keep in a local copy on disk a FIFO(first-in-first out) copy of as many medical objects as possible.

By moving medical image objects instantaneously to all points ofpossible care, better diagnosis/interpretation can occur since allspecialists will have the medical image objects for review at once.Prior medical image objects may also be broadcast from long-term storage(e.g., PACS archive) to all points of care, so as to further facilitatebetter diagnosis/interpretation.

Broadcasting studies to all listeners at once creates a low-bandwidthconstant stream of information, which reduces the need forpoint-to-point high bandwidth connections and reduces CPU/networkprocessing and bandwidth requirements. In addition, all client computersbecome digital recorders of the study information, which gives thehealthcare providers (e.g., interpreters/radiologists) instant access infull fidelity of the medical image objects. Furthermore, by broadcastingstudy information onto numerous clinician stations, there is a greatlyreduced chance of loosing medical image objects due to catastrophes orhardware problems. In addition, various embodiments of the presentinvention reduce cost by eliminating the need for regional/localizedcaching servers, and also by immediately providing images, with no ornegligible waiting time for the interpreters/radiologists. Moreover,note that patient care can continue during network disruptions, as themedical objects can be stored local to the interpreters/radiologists.

By using packet encoding (which effectively chunks up the medical imageobject into sections), re-transmission of the entire medical imageobject is not necessary in the event a network or other transmissionfailure occurs. Also packet encoding allows a receiver to pickup thepackets out of sequence to avoid the broadcaster having to resend theentire medical image object. This is a particular benefit for largeobjects in WAN/Public VPN environments. By integrating digital rightsmanagement (DRM) into the PACS (e.g., by encrypting medical imageobjects with authenticable access/view rights polices), the broadcastinformation fully supports patient privacy, and is HIPAA-enabled.Furthermore, with the advent of the “patient owns the information,” thesolutions described herein support the patient controlling access whileallowing for distribution. The solutions also permit changing thepermissions on “rights to decrypt” and access/view from a centrallycontrolled rights management server (or other facility). Thesepermissions can be time-sensitive, such that rights todecrypt/access/view only exist for periods of time (e.g., through use ofan expiration date). As such, there is no need to re-send the decryptedobjects or to access the remote computers to change the access rights.

A PACS configured in accordance with an embodiment of the presentinvention can be implemented using any number of communicationtechnologies and network topologies. One embodiment employs WAN clientworkstations that include broadband (e.g., DSL/Cable) modems tocommunicate with other components in the PACS (e.g., where the PACS isdistributed between multiple campuses and uses a communication mediumthat includes the Internet). Another embodiment employs a high-speed LANconfiguration (e.g., Ethernet), such as that found in a large healthcareprovider campus. Another embodiment employs one or more wirelessnetworks. In short, any one or combination of network topologies can beused, as will be apparent in light of this disclosure. For example,assume the PACS is distributed over two different healthcare providercampuses that are communicatively connected via a WAN including theInternet. In addition, each campus has a LAN that includes WiFi-enabledpods that include a plurality of work/view stations.

System Dataflow

FIG. 1 is a collaboration diagram showing flow of information andprocessing in a picture archive communication system (PACS) configuredin accordance with one embodiment of the present invention. As can beseen, the diagram is annotated with eight major steps, each of whichwill be described in turn. Note that the steps are not intended toimplicate any particular processing order.

The imaging modality can be any one of a variety of imaging sources,such as CT scanners, MRI scanners, X-ray machines, and other suchmedical imaging equipment. In one particular embodiment, the imagingmodality is DICOM-based. As previously explained, DICOM (Digital Imagingand Communications in Medicine) is a standard that includes a fileformat definition for storing and distributing medical imaginginformation. The DICOM standard is herein incorporated in its entiretyby reference, and is also publicly available on the WWW at:http://medical.nema.org/. In general, a DICOM file includes a headerwith standardized as well as free-form fields and a body of image data.A single DICOM file can contain one or more images, thereby allowing forstorage of volumes and/or animations. Image data can be compressed usingany number of conventional or proprietary standards, such as JPEG,run-length encoding (RLE), and LZW. As is further known, DICOM groupsinformation together into a file. For instance, a CT scan of a patient'sabdomen is in the same file as the patient's ID and other patientinformation. A DICOM file also typically includes a media directory(DICOMDIR) that provides an index and other pertinent information forthe contents of the DICOM file. Other embodiments can be implementedwith other such standards and/or file formats, and the present inventionis not intended to be limited to any one in particular.

In any case, step 1 shown in FIG. 1 includes the modality SCU (whetherDICOM-based or other) sending the study (e.g., medical images and/orother personal medical data) to the acquisition service. In thisparticular embodiment, the modality is DICOM-based and transmits thestudy using transmission control protocol (TCP) or other suitableprotocol for reliable network transmission. Here, at step 2, theacquisition service is programmed or otherwise configured to convert theTCP stream of data into DICOM objects.

At step 3, the rights management service is programmed or otherwiseconfigured to determine the correct owner of the DICOM objects based onthe information in the DICOM header of the objects. This headerinformation includes, for example, patient, provider, addresses, medicalrecord number, exam accession number, etc. From this information, therights management service is programmed or otherwise configured toassign an encryption key against the objects based upon the registeredowner. This registered owner could be the patient associated with thecontent, but most likely would be the provider who requested theprocedure (or both). Objects are encrypted, and keys are registered inthe medical image archive/license store.

In step 4, the encrypted objects are written to a medical image objectfile system. Any number of conventional or custom encryption techniques(e.g., symmetrical/asymmetrical key and/or password based, such as PGPand RSA encryption algorithms) and file systems (e.g., disk and databasefile systems) can be implemented by the rights management service andfile system, respectively.

In step 5, the packet encoding service retrieves the encrypted objects,chunks or “packetizes” the objects pursuant to a predefined packetscheme (e.g., TCP/IP), and assigns a manifest to each object.

In step 6, the multicast endpoint service then broadcasts the datapackets onto the network using multicast IP (e.g., reliable multicasttransmission, such as MTP). In general, other components included in thePACS, such as imaging archives, clinicians' workstations, andradiologist reading stations, all have broadcast receiving services thatcorrespond to the multicast IP transmission techniques employed by themulticast endpoint service.

In step 7, the receiver service agents of the various imaging archives,clinicians' workstations, and/or radiologist reading stations receivethe multicast broadcasts from the multicast endpoint service. Thesereceiver service agents read the manifest and re-assemble the medicalobjects locally on the workstations, archives, and other storagemediums.

At step 8, as medical objects are viewed, the user is authenticatedagainst the rights management license store to ensure they haveprivileges to view or change the medical objects. At this point, theobjects are decrypted for viewing. In one such embodiment, the objectsare decrypted within the stream for viewing.

System Architecture

FIG. 2 illustrates a high-level view of a PACS configured in accordancewith one embodiment of the present invention. Each of the systemcomponents, as well as medical image object distribution, will bediscussed in turn with reference to one or more of the 9 stagesdepicted. Note that the stages are not intended to implicate anyparticular processing order.

At stage 1, the patient is scanned by the modality. At this time, thepatient or caregiver generates a list of who has been “granted rights”to view the medical image objects that will be generated. Alternatively,or in addition to, the associated system can automatically generate thelist of granted rights (e.g., radiology information system automaticallygenerates list to include attending, technician, an other relevantcaregivers based on patient consent). This automatically generated listmay be edited based on patient and/or doctor input (e.g., via an “EditGranted Rights” graphical user interface). Typically this list wouldinclude the radiology technicians (at least for a brief period of time)and the radiologists and any other specialists that may need to usethese medical image objects for interpretation and surgical/care givingscenarios. This list of granted rights is generally referred to hereinas an issuance license, and can be temporarily stored in the informationsystem (e.g., secure PC or server within healthcare provider facility,or a memory stick, or a diskette or other suitable storage device thatcan be used to hold the issuance license) until the physical medicalimage objects are generated by the scanner. Recall that the grantedrights can be time-limited if so desired.

At stage 2, the DICOM-based modality transmits the medical images to theacquisition service.

At stage 3, the acquisition service is configured to perform a normalDICOM C-Store SCP. However, this could also be Twain, secondary capture,or other medical image object acquisition. At this point, theacquisition service can query the information system for the issuancelicense described in stage 1. Alternatively, the issuance license can bemanually provided to the acquisition service (e.g., by loading theissuance license from a diskette or memory stick into a computing systemupon which the acquisition service is executing, or simply entering theissuance license information manually using user input devices, such askeyboard, mouse, and graphical user interface). The medical imageobjects are then encrypted by the acquisition service and keys areregistered. In one embodiment, the acquisition service implements an RSAencryption algorithm for encrypting the medical objects. As previouslystated however, numerous protection schemes can be used here, dependingon factors such as the desired security level and robustness.

At stage 4, the acquisition service creates a pipeline for the objectdata and stores the encrypted image data locally on the acquisitionservice and also streams the encrypted image data through a packetencoder. The packet encoder generates a manifest for the encryptedmedical image object. The manifest contains a secure packet version ofthe medical image object making it available for reliable multicaststreaming.

At stage 5, the packet encoder sends the manifest and the medical imageobject information to a central directory service that is programmed orotherwise configured to index/track the location of all medical imageobjects within the PACS. This directory service also may include alicense store and serve as the rights management service. In oneparticular embodiment, the central directory service is implemented asdescribed in U.S. patent application Ser. No. 10/997,766 filed Nov. 23,2004, and titled “Health Care Enterprise Directory” which is hereinincorporated in its entirety by reference, along with its priorityapplication U.S. Provisional Application No. 60/525,246 filed Nov. 26,2003, entitled “Enterprise Data Directory in Support of Diverse DataTypes in a Healthcare Information System.” The central directory servicedescribed therein (e.g., “enterprise directory 100”) provides a commonintegration layer for data management and processing in a healthcareinformation setting or system that includes multiple disparate medicalinformation systems and heterogeneous data objects of different types(e.g., image and report) and formats.

In one such embodiment, the central directory service is coupled to anumber of “subscribing” systems distributed across the healthcareprovider's enterprise. Subscribers included in the example system shownin FIG. 2 include the permanent storage of datacenter, surgical planningspecialist workstation, surgery specialist workstation, radiologistspecialist workstation. These subscribing systems receive, generate, orotherwise access information about various data objects (e.g., medicalimage objects), and regularly transmit updates about the status of thesedata objects in the form of notifications to the central directoryservice. The central directory service processes these notifications andmaintains an index of data objects and status data about the objects.The index includes, for example, references to the data objects such aspointers to local repositories associated with the subscribing systems.Alternatively, or in addition to, references may point or otherwiserefer to copies of the digital data objects that have been provided tothe central directory service and stored in one or more data archives orstores (e.g., datacenter). The central directory service notifies one ormore subscribing systems of status changes reflected in notificationsprovided to it. The central directory service may broadcast messages oralerts to one or more subscribing systems according to predeterminedinstructions or logic that dictate, for instance that status updatesconcerning a specified patient be provided to a specific subscribingsystem. A user of a subscribing system can access one or more dataobjects referenced in such a message through the central directoryservice. The user can also provide instructions and preferencesregarding messages and notifications exchanged between a subscribingsystem and the central directory service, as well as audit or otherinformation to be used by the directory service.

At stage 6, medical image packet data is pipelined from the packetencoder to the network stack for reliable multicast IP. As previouslydiscussed, any number of multicast technologies can be used here, andreliable multicast IP is one example embodiment. At stage 7, the medicalimage object packets with manifest are broadcast to all availablelisteners. The type of multicast used will depend on factors such as thecommunication medium and protocols employed and the desired level ofreliability. Note that TCP/IP protocols work well for transmission overboth LAN (e.g., Ethernet) and WAN (e.g., Internet).

At stage 8, the medical image object listeners (e.g., permanent storageof datacenter, surgical planning specialist workstation, surgeryspecialist workstation, radiologist specialist workstation) receive thebroadcast manifest and re-assemble the medical image objects locallyfrom the instructions of the manifest. These medical image objects arethen stored locally for use on the computer, for example, in an isolatedprotected file system. In one particular embodiment, if local storagehits a watermark threshold, the listener processing system deletes theoldest medical image objects and notifies the directory service.

At stage 9, the medical image object listeners notify the directoryservice that the medical image object is on the local computer (statusof object). Note that this status can be updated, for example, should anobject be removed by user or by operation of a threshold-basedself-cleaning process that eliminates older files to make room for newerobjects (as previously described). In any case, the directory serviceknows where all images are on the system at any one time. During anyaccess on the local computer, the user must authenticate with the rightsmanagement service and the end-user (receiver) solution uses theissuance license to decrypt the medical image objects for viewing. Thus,digital rights management is enabled to protect the distributed andstored objects and the patient's privacy.

Acquisition with DRM Process

FIG. 3 illustrates a components and communication flow of a PACSutilized during an image acquisition process, in accordance with oneembodiment of the present invention.

As can be seen, the system includes an acquisition process/archivesection, a receiver section, and a directory service section. Thereceiver section can be a data storage or archive sub-system (e.g.,permanent off-site storage) or a specialist's workstation (e.g.,interpreter/radiologist). As will be appreciated in light of thisdisclosure, a plurality of receiver can be configured to communicatewith the acquisition process/archive section and the directory servicesection. Each of the functional modules can be implemented, for example,in software (e.g., C, C++, or other object-oriented instruction set).Also, storage facilities can be implemented using any conventionalstorage techniques, such as dedicated storage devices (e.g., harddrives, servers, ROM, flash memory, etc) or virtual storage.

This example embodiment shown in FIG. 3 assumes a DICOM-based modalitytransmits the medical images to a DICOM acquisition service in a TCPstream. The DICOM acquisition service converts the TCP stream of datainto DICOM objects, encrypts the objects, and generates encryptedobjects. The DICOM acquisition service uses a local storage process tostore the encrypted medical image object (MIO) in local storage. Thelocal process also creates the issuance license (e.g., based on inputspecifying access rights from a user, such as patient and/or healthcareprovider via a graphical user interface or other suitable data inputmechanism) and stores it in the DRM license store of the directoryservice. The DICOM acquisition service also streams the encrypted MIOdata through a packet encoder. As previously explained, the packetencoder effectively breaks each MIO (or any other type of file) intochunks, and generates a manifest for the encrypted MIO. The manifestcontains a secure packet version of the medical image object making itavailable for reliable multicast streaming or other broadcast.

In this example embodiment, the output of the packet encoder is providedto a number of archive/storage facilities included in the acquisitionprocess/archive, and is also broadcast via reliable multicast IP to oneor more receivers. In addition, the packet encoder sends a notification(e.g., including manifest and the medical image object information) tothe directory service, which is configured to index/track the locationof all medical image objects within the system as previously explained.The directory service also includes the DRM license store and operatesas the rights management service as previously explained.

The medical image object packets with manifest are broadcast to thereceiver, and the receiver includes a medical image object receiveragent configured to receive the broadcast manifest and re-assemble themedical image objects locally from the instructions of the manifest. Thereceiver agent then sends a notification to the directory service toindicate that it has received new object data. In this sense, thereceiver agent is actually a transceiver (both receive and sendfunctions are enabled). The re-assembled medical image objects (or otherbroadcast data objects) are then stored locally using a local storageprocess, so that they can be viewed or otherwise securely used on thecomputer/workstation. In the embodiment shown, the local storage processis configured to implement a FIFO storage. If the local storage facilityexceeds it max capacity, then the local process effectively deletes orpushes out the oldest medical image objects to make room for newlyreceived medical image objects and/or other patient data. The localprocess may also be configured to send (e.g., via itself or the receiveragent) a notification to the directory service that it has received newobject data, and/or that it has deleted old object data.

Variations on this embodiment will be apparent in light of thisdisclosure. For instance, note that functionality of the local storageprocess can be integrated into the MIO broadcast receiver agent (or viceversa), if so desired. In any case, the directory service knows allimages stored on the receiver at any one time. In addition, the receiveragent and/or the local process have access to the local DRM licensestore, which stores directory service data relevant to that receiver(including object status). Secure distributed database and replicationtechniques can be used to synchronize the local DRM license store of thereceiver with the DRM license store of the directory service.Alternatively, dedicated secure transmissions can be used to communicateDRM information between DRM license stores. Alternatively, each DRMstore can be manually maintained (e.g., by system administrator). Otherinformation, such as cryptography keys, passwords, etc, can also bestored in the DRM license store to facilitate carrying out a robust DRMscheme.

During any access attempts of the stored medical image objects, thelocal process (or other such process) requires the user to authenticate(e.g., user name and password or other secure ID mechanism) with therights management service of the directory server, and uses the issuancelicense (which specifies who has been granted rights to access theobject data) to decrypt the medical image objects for viewing. Securityinformation such as the issuance license and cryptography keys can beexchanged between the acquisition process/archive and the receiver, forexample, by a manual exchange process, secure transmission, or othersuitable means. In one particular embodiment, the issuance license isstored in the DRM license store of the directory service, which is thensecurely replicated to the receiver DRM license stores, using any numberof conventional or custom replication processes.

The foregoing description of the embodiments of the invention has beenpresented for the purposes of illustration and description. It is notintended to be exhaustive or to limit the invention to the precise formdisclosed. Many modifications and variations are possible in light ofthis disclosure. For example, embodiments of the present invention canbe used to facilitate the transmission and storage of data objects otherthan medical image objects using reliable multicasting, includingvarious types of data or pieces of information, such as video files,audio files, non-medical images, on-line forms, documents in PDF, TIFF,BITMAP, GIF, JPEG, and various other formats, including textual,tabular, graphical, HTML, or XML formats. Example medical data objectsincludes, for example, a radiology image, a dictation voice clip, ascanned Advance Beneficiary Notice (ABN) form, or an electrocardiogram(ECG) strip. Other data objects will be apparent in light of thisdisclosure. It is intended that the scope of the invention be limitednot by this detailed description, but rather by the claims appendedhereto.

1. A method for securely communicating medical information, comprising:receiving patient information, including medical image data; convertingthe patient information into medical image object (MIOs); encrypting theMIOs; creating an issuance license that specifies access rights of theMIOs, thereby limiting future access to the MIOs; chunking the encryptedMIOs into packets, and assigning a manifest to each chunked MIO; andbroadcasting the manifest and encrypted MIO packets to a plurality ofreceivers on a network.
 2. The method of claim 1, further comprising:receiving the broadcast manifest and encrypted MIO packets at one ormore of the plurality of receivers, and re-assembling the MIOs frominstructions included in the manifest; storing the reassembled MIOslocal to the at least one receiver; and requiring user authentication inaccordance with the issuance license during access attempts of thestored reassembled MTOs.
 3. The method of claim 2, further comprising:sending by each of the one or more receivers a notification to adirectory service to indicate that it has received the broadcast MTOs.4. The method of claim 1, further comprising: storing the issuancelicense in a digital rights management (DRM) license store of adirectory service.
 5. The method of claim 1, further comprising: storingthe encrypted MIO packets in an archive for long term storage.
 6. Themethod of claim 1, further comprising: indexing and tracking location ofall broadcast MIOs using a directory service.
 7. The method of claim 6,further comprising: sending by at least one of the receivers anotification to the directory service to indicate that the receiver hasreceived the broadcast MTOs.
 8. The method of claim 1, furthercomprising: storing the reassembled MIOs local to the at least onereceiver; removing older MIOs to make room for newly received MIOs; andnotifying a directory service of the change in MIO storage.
 9. Themethod of claim 1, wherein converting the patient information into MIOsincludes converting the patient information into Digital Imaging andCommunications in Medicine (DICOM) MIOs.
 10. The method of claim 1,wherein broadcasting the manifest and encrypted MIO packets is carriedout using reliable IP multicasting.
 11. A system for securelycommunicating medical information, comprising: at least one storagemedium having stored therein a plurality of executable instructions,wherein when executed, the instructions operate the system to: receivepatient information, including medical image data; convert the patientinformation into medical image object (MIOs); encrypt the MIOs; createan issuance license that specifies access rights of the MIOs, therebylimiting future access to the MIOs; chunk the encrypted MIOs intopackets, and assigning a manifest to each chunked MIO; and broadcast themanifest and encrypted MIO packets to a plurality of receivers on anetwork; and at least one processor coupled to the at least one storagemedium to execute the instructions.
 12. The system of claim 11, furthercomprising: a second at least one storage medium having stored therein aplurality of executable instructions, wherein when executed, theinstructions operate the system to: receive the broadcast manifest andencrypted MIO packets at one or more of the plurality of receivers, andre-assembling the MIOs from instructions included in the manifest; storethe reassembled MIOs local to the at least one receiver; and requireuser authentication in accordance with the issuance license duringaccess attempts of the stored reassembled MIOs; and a second at leastone processor coupled to the second at least one storage medium toexecute the instructions.
 13. The system of claim 12, wherein whenexecuted, the instructions of the second at least one storage mediumfurther operate the system to: send by each of the one or more receiversa notification to a directory service to indicate that it has receivedthe broadcast MIOs.
 14. The system of claim 11, wherein when executed,the instructions of the at least one storage medium further operate thesystem to at least one of: store the issuance license in a digitalrights management (DRM) license store of a directory service; and storethe encrypted MIO packets in an archive for long term storage.
 15. Thesystem of claim 11, wherein when executed, the instructions of the atleast one storage medium further operate the system to: index and tracklocation of all broadcast MIOs using a directory service; and receivefrom at least one of the receivers a notification at the directoryservice to indicate that the receiver has received the broadcast MIOs.16. The system of claim 11, wherein when executed, the instructions ofthe at least one storage medium further operate the system to: store thereassembled MIOs local to the at least one receiver; remove older MIOsto make room for newly received MIOs; and notify a directory service ofthe change in MIO storage.
 17. The system of claim 11, wherein thesystem converts the patient information into MIOs by converting thepatient information into Digital Imaging and Communications in Medicine(DICOM) MIOs.
 18. The system of claim 11, wherein the system broadcaststhe manifest and encrypted MIO packets using reliable IP multicasting.19. A system for securely communicating medical information, comprising:an acquisition service for receiving patient information includingmedical image data, converting the patient information into medicalimage object (MIOs), encrypting the MIOs, and creating an issuancelicense that specifies access rights of the MIOs, thereby limitingfuture access to the MIOs; a packet encoder for chunking the encryptedMIOs into packets, and assigning a manifest to each chunked MIO; and abroadcast service for broadcasting the manifest and encrypted MIOpackets to a plurality of receivers on a network.
 20. The system ofclaim 19, further comprising: a receiver agent for receiving thebroadcast manifest and encrypted MIO packets at one or more of theplurality of receivers, and re-assembling the MIOs from instructionsincluded in the manifest; a storage facility for storing the reassembledMIOs local to the at least one receiver; and a digital rights management(DRM) license store for use in carrying out user authentication inaccordance with the issuance license during access attempts of thestored reassembled MIOs.